FY25 UX Theme: Offer guidance for users to get started with vulnerability remediation
Theme statement
Some users (Security engineers, Software developers) don’t know where to get started when remediating a vulnerability.
Main Job story
When I have to remediate a vulnerability, I want help so that I can efficiently keep our application safe without wasting time searching for resources.
Business objective
Decrease time to open an MR for confirmed vulnerabilities.
Confidence
Confidence | Research |
---|---|
Low |
Requirements
The beneficiary needs to be able to:
Consume helpful resources on remediation, either provided by the company they work for or another resource that the company relies on for guidance, that are contextual to that particular vulnerability.
Feature/solution subthemes
Opportunity | JTBD | Workflow status |
---|---|---|
Customizable security training providers | When my team needs to remediate a specific vulnerability, I want to provide them with reliable external resources to help them, so that I can ensure that they're being helped towards a successful remediation. | workflow::design |
Link vulnerabilities to company-specific security knowledge bases | When my team needs to remediate a specific vulnerability, I want them to consume the custom recommended remediation set by our company, so that I can make sure they're following internal policies and best practices. | workflow::design |
Globally enable and set defaults for vulnerability training | When my team needs help remediating vulnerabilities, I want them to consume the recommended remediation path at a higher level than project-level, so that my team can work more efficiently across all projects. | workflow::design |
Collaborative remediation | When I'm viewing a vulnerability, I want to see a list of example MRs in public projects that fixed similar vulnerabilities, so that I can spend less time looking into solutions. | workflow::problem validation |
Solution Validation - GA Explain this Vulnerability | When my team needs help remediating vulnerabilities, I want them to use GitLab's AI features for vulnerability explanation and remediation, so that we don't have to provide any custom training ourselves and so we get the most out of our Ultimate subscription. | workflow::solution validation |
Design: [Post GA] Explain this Vulnerability - Feature Enhancements | When my team needs help remediating vulnerabilities, they want to do so at the MR level, so that we can shift-left and empower developers to remediate their own vulnerabilities, and so we don't have to wait for the vulnerability to end up on the default branch on the Vulnerability Report. | workflow::solution validation |
Research subthemes
Opportunity | Issue link | Research type |
---|---|---|
TBD |
TBD |
TBD |
Ready for design checklist
The items are self-check suggestions; they could be contributed by designers, product managers, or researchers
- The theme has high confidence (derived from research or other data-gathering techniques)
- The Related issues, features, research, and other background information are linked to the related issues section
- The Business objective has been defined
- The Requirements have been defined, and the scope has been agreed upon
- This UX Theme contains everything necessary to complete a design solution and is ready for design
Thematic design workflow checklist
- Theme assessed
  - Ready for design checklist complete
- Ideate and Iterate
  - User flow diagram generated
  - Low-fidelity wireframes of the entire theme created
  - Feedback requested and incorporated into flow diagram and wireframes
- Validate
  - Solution validation conducted on Low/mid-fidelity flow
- Refine
  - Research findings incorporated into design
  - All micro-interactions are defined
  - All edge-cases are accounted for and defined
  - All copy has been reviewed by tech writing
  - Accessibility guidelines have been considered
  - High-fidelity designs posted
  - Feedback requested from counterparts
  - (If necessary) Validate high-fidelity flow in a 2nd round of user testing
  - Refine final design from feedback and user research
- Hand-off
  - Designs broken down based on their ability to stand alone and provide value to the user.
  - MVC plan agreement reached
  - Planning breakdown complete
Edited by Becka Lippert